[thelist] SSL Certificate Choices
Robert Gormley
robert at pennyonthesidewalk.com
Sat Jan 26 16:09:04 CST 2008
That seems odd. Are you saying that if the entire chain is on the
server, up to and including a root certificate, the browser will not
prompt for the use of an untrusted root cert? That seems both odd, and
an utterly huge security hole...
Robert
-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Joshua Olson
Sent: Friday, January 25, 2008 4:27 PM
To: thelist at lists.evolt.org
Subject: Re: [thelist] SSL Certificate Choices
> -----Original Message-----
> From: kasimir-k
> Sent: Friday, January 25, 2008 5:54 PM
>
> Using a free certificate the visitors must usually excplictly
> accept the CA as trusted. And if it is a site targeted to
> general public, the browser popping up a question "do you
> really trust this certificate authority?" does not appear
> too trustworthy...
I do not concur with the premise of this argument. Free or inexpensive
certificates do not inherently present such a message--all that is
required
to avoid the message is to put the intermediate certificates (the whole
chain) on the server.
Check out alphaSSL.
Joshua
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
More information about the thelist
mailing list